Import PEM keys #34086
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,157 @@ | ||
| // Licensed to the .NET Foundation under one or more agreements. | ||
| // The .NET Foundation licenses this file to you under the MIT license. | ||
| // See the LICENSE file in the project root for more information. | ||
|
|
||
| #nullable enable | ||
| using System; | ||
| using System.Diagnostics; | ||
| using System.Security.Cryptography; | ||
|
|
||
| namespace Internal.Cryptography | ||
| { | ||
| internal static class PemKeyImportHelpers | ||
| { | ||
| public delegate void ImportKeyAction(ReadOnlySpan<byte> source, out int bytesRead); | ||
| public delegate ImportKeyAction? FindImportActionFunc(ReadOnlySpan<char> label); | ||
| public delegate void ImportEncryptedKeyAction<TPass>( | ||
| ReadOnlySpan<TPass> password, | ||
| ReadOnlySpan<byte> source, | ||
| out int bytesRead); | ||
|
|
||
| public static void ImportEncryptedPem<TPass>( | ||
| ReadOnlySpan<char> input, | ||
| ReadOnlySpan<TPass> password, | ||
| ImportEncryptedKeyAction<TPass> importAction) | ||
| { | ||
| bool foundEncryptedPem = false; | ||
| PemFields foundFields = default; | ||
| ReadOnlySpan<char> foundSlice = default; | ||
|
|
||
| ReadOnlySpan<char> pem = input; | ||
| while (PemEncoding.TryFind(pem, out PemFields fields)) | ||
| { | ||
| ReadOnlySpan<char> label = pem[fields.Label]; | ||
|
|
||
| if (label.SequenceEqual("ENCRYPTED PRIVATE KEY")) | ||
| { | ||
| if (foundEncryptedPem) | ||
| { | ||
| throw new ArgumentException(SR.Argument_PemImport_AmbiguousPem, nameof(input)); | ||
| } | ||
|
|
||
| foundEncryptedPem = true; | ||
| foundFields = fields; | ||
| foundSlice = pem; | ||
| } | ||
|
|
||
| Index offset = fields.Location.End; | ||
| pem = pem[offset..]; | ||
| } | ||
|
|
||
| if (!foundEncryptedPem) | ||
| { | ||
| throw new ArgumentException(SR.Argument_PemImport_NoPemFound, nameof(input)); | ||
| } | ||
|
|
||
| ReadOnlySpan<char> base64Contents = foundSlice[foundFields.Base64Data]; | ||
| int base64size = foundFields.DecodedDataLength; | ||
| byte[] decodeBuffer = CryptoPool.Rent(base64size); | ||
|
|
||
| try | ||
| { | ||
| if (!Convert.TryFromBase64Chars(base64Contents, decodeBuffer, out int bytesWritten)) | ||
| { | ||
| // Couldn't decode base64. We shouldn't get here since the | ||
| // contents are pre-validated. | ||
| Debug.Fail("Base64 decoding failed on already validated contents."); | ||
| throw new ArgumentException(); | ||
| } | ||
|
|
||
| Debug.Assert(bytesWritten == base64size); | ||
| Span<byte> decodedBase64 = decodeBuffer.AsSpan(0, base64size); | ||
| importAction(password, decodedBase64, out _); | ||
| } | ||
| finally | ||
| { | ||
| CryptoPool.Return(decodeBuffer, clearSize: base64size); | ||
| } | ||
| } | ||
|
|
||
| public static void ImportPem(ReadOnlySpan<char> input, FindImportActionFunc callback) | ||
| { | ||
| ImportKeyAction? importAction = null; | ||
| PemFields foundFields = default; | ||
| ReadOnlySpan<char> foundSlice = default; | ||
| bool containsEncryptedPem = false; | ||
|
|
||
| ReadOnlySpan<char> pem = input; | ||
| while (PemEncoding.TryFind(pem, out PemFields fields)) | ||
| { | ||
| ReadOnlySpan<char> label = pem[fields.Label]; | ||
| ImportKeyAction? action = callback(label); | ||
|
|
||
| // Caller knows how to handle this PEM by label. | ||
| if (action != null) | ||
| { | ||
| // There was a previous PEM that could have been handled, | ||
| // which means this is ambiguous and contains multiple | ||
| // importable keys. Or, this contained an encrypted PEM. | ||
| // For purposes of encrypted PKCS8 with another actionable | ||
| // PEM, we will throw a duplicate exception. | ||
| if (importAction != null || containsEncryptedPem) | ||
| { | ||
| throw new ArgumentException(SR.Argument_PemImport_AmbiguousPem, nameof(input)); | ||
| } | ||
|
|
||
| importAction = action; | ||
| foundFields = fields; | ||
| foundSlice = pem; | ||
| } | ||
| else if (label.SequenceEqual("ENCRYPTED PRIVATE KEY")) | ||
|
There was a problem hiding this comment. I don't know if we need a PemHeaders constants class; but at least using a const string in this class would be better than repeating the literal across methods. |
||
| { | ||
| containsEncryptedPem = true; | ||
| } | ||
|
|
||
| Index offset = fields.Location.End; | ||
| pem = pem[offset..]; | ||
| } | ||
|
|
||
| // The only PEM found that could potentially be used is encrypted PKCS8, | ||
| // but we won't try to import it with a null or blank password, so | ||
| // throw. | ||
| if (containsEncryptedPem) | ||
| { | ||
| throw new ArgumentException(SR.Argument_PemImport_EncryptedPem, nameof(input)); | ||
bartonjs marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| } | ||
|
|
||
| // We went through the PEM and found nothing that could be handled. | ||
| if (importAction is null) | ||
| { | ||
| throw new ArgumentException(SR.Argument_PemImport_NoPemFound, nameof(input)); | ||
| } | ||
|
|
||
| ReadOnlySpan<char> base64Contents = foundSlice[foundFields.Base64Data]; | ||
| int base64size = foundFields.DecodedDataLength; | ||
| byte[] decodeBuffer = CryptoPool.Rent(base64size); | ||
|
|
||
| try | ||
| { | ||
| if (!Convert.TryFromBase64Chars(base64Contents, decodeBuffer, out int bytesWritten)) | ||
| { | ||
| // Couldn't decode base64. We shouldn't get here since the | ||
| // contents are pre-validated. | ||
| Debug.Fail("Base64 decoding failed on already validated contents."); | ||
| throw new ArgumentException(); | ||
| } | ||
|
|
||
| Debug.Assert(bytesWritten == base64size); | ||
| Span<byte> decodedBase64 = decodeBuffer.AsSpan(0, base64size); | ||
| importAction(decodedBase64, out _); | ||
|
There was a problem hiding this comment. I assume that you've made a conscious choice to say it's OK to ignore trailing bytes here, since there's no check that the import action reports bytesRead == base64Size. I can accept that... but a comment saying so would be nice. (Reasonable justification includes that the key has already been modified, so throwing and not have the same object modification effect) |
||
| } | ||
| finally | ||
| { | ||
| CryptoPool.Return(decodeBuffer, clearSize: base64size); | ||
| } | ||
| } | ||
| } | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In bizarro-world, where TryFromBase64Chars reports a different answer in a release build, let's use the answer it gave.